This exploit demonstrates an arbitrary file deletion vulnerability in CuteNews 2.1.2. The vulnerability is triggered via a POST request to the Media Manager, allowing low-privileged users to delete arbitrary files due to insecure use of the unlink() function.
Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: CuteNews 2.1.2
Auth required
Prerequisites: Valid session cookie (CUTENEWS_SESSION) · Access to the Media Manager functionality